WebServiceOtherZonesApi: updated ImportAllowedZonesAsync() and ImportBlockedZonesAsync() to unescape POST parameter values.

2026-01-06 16:53:59 +00:00 · 2022-09-18 17:52:00 +05:30
parent eef2315fd8
commit 4ca330e4a1
1 changed files with 15 additions and 12 deletions
--- a/DnsServerCore/WebServiceOtherZonesApi.cs
+++ b/DnsServerCore/WebServiceOtherZonesApi.cs
@@ -19,6 +19,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.

 using DnsServerCore.Dns.Zones;
 using Newtonsoft.Json;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Net;
@@ -53,7 +54,7 @@ namespace DnsServerCore
        {
            _dnsWebService.DnsServer.CacheZoneManager.Flush();

-            _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Cache was flushed.");
+            _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Cache was flushed.");
        }

        public void ListCachedZones(HttpListenerRequest request, JsonTextWriter jsonWriter)
@@ -128,7 +129,7 @@ namespace DnsServerCore
                throw new DnsWebServiceException("Parameter 'domain' missing.");

            if (_dnsWebService.DnsServer.CacheZoneManager.DeleteZone(domain))
-                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Cached zone was deleted: " + domain);
+                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Cached zone was deleted: " + domain);
        }

        #endregion
@@ -217,7 +218,8 @@ namespace DnsServerCore
            {
                if (formPart.StartsWith("allowedZones="))
                {
-                    string[] allowedZones = formPart.Substring(13).Split(',');
+                    string value = Uri.UnescapeDataString(formPart.Substring(13));
+                    string[] allowedZones = value.Split(',');
                    bool added = false;

                    foreach (string allowedZone in allowedZones)
@@ -228,7 +230,7 @@ namespace DnsServerCore

                    if (added)
                    {
-                        _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Total " + allowedZones.Length + " zones were imported into allowed zone successfully.");
+                        _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Total " + allowedZones.Length + " zones were imported into allowed zone successfully.");
                        _dnsWebService.DnsServer.AllowedZoneManager.SaveZoneFile();
                    }

@@ -261,7 +263,7 @@ namespace DnsServerCore

            if (_dnsWebService.DnsServer.AllowedZoneManager.DeleteZone(domain))
            {
-                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Allowed zone was deleted: " + domain);
+                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Allowed zone was deleted: " + domain);
                _dnsWebService.DnsServer.AllowedZoneManager.SaveZoneFile();
            }
        }
@@ -270,7 +272,7 @@ namespace DnsServerCore
        {
            _dnsWebService.DnsServer.AllowedZoneManager.Flush();

-            _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Allowed zone was flushed successfully.");
+            _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Allowed zone was flushed successfully.");
            _dnsWebService.DnsServer.AllowedZoneManager.SaveZoneFile();
        }

@@ -285,7 +287,7 @@ namespace DnsServerCore

            if (_dnsWebService.DnsServer.AllowedZoneManager.AllowZone(domain))
            {
-                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Zone was allowed: " + domain);
+                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Zone was allowed: " + domain);
                _dnsWebService.DnsServer.AllowedZoneManager.SaveZoneFile();
            }
        }
@@ -376,7 +378,8 @@ namespace DnsServerCore
            {
                if (formPart.StartsWith("blockedZones="))
                {
-                    string[] blockedZones = formPart.Substring(13).Split(',');
+                    string value = Uri.UnescapeDataString(formPart.Substring(13));
+                    string[] blockedZones = value.Split(',');
                    bool added = false;

                    foreach (string blockedZone in blockedZones)
@@ -387,7 +390,7 @@ namespace DnsServerCore

                    if (added)
                    {
-                        _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Total " + blockedZones.Length + " zones were imported into blocked zone successfully.");
+                        _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Total " + blockedZones.Length + " zones were imported into blocked zone successfully.");
                        _dnsWebService.DnsServer.BlockedZoneManager.SaveZoneFile();
                    }

@@ -420,7 +423,7 @@ namespace DnsServerCore

            if (_dnsWebService.DnsServer.BlockedZoneManager.DeleteZone(domain))
            {
-                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Blocked zone was deleted: " + domain);
+                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Blocked zone was deleted: " + domain);
                _dnsWebService.DnsServer.BlockedZoneManager.SaveZoneFile();
            }
        }
@@ -429,7 +432,7 @@ namespace DnsServerCore
        {
            _dnsWebService.DnsServer.BlockedZoneManager.Flush();

-            _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Blocked zone was flushed successfully.");
+            _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Blocked zone was flushed successfully.");
            _dnsWebService.DnsServer.BlockedZoneManager.SaveZoneFile();
        }

@@ -444,7 +447,7 @@ namespace DnsServerCore

            if (_dnsWebService.DnsServer.BlockedZoneManager.BlockZone(domain))
            {
-                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Domain was added to blocked zone: " + domain);
+                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Domain was added to blocked zone: " + domain);
                _dnsWebService.DnsServer.BlockedZoneManager.SaveZoneFile();
            }
        }